
package org.springframework.security.core;

import java.io.Serializable;
import java.security.Principal;
import java.util.Collection;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.context.SecurityContextHolder;

/**
 *
 * 1.用户的认证信息主要由 Authentication的实现类来保存
 * 2.当用户使用用户名/密码登录或使用Remember-me登录时，都会对应一个不同的Authentication实例
 *  可以看到，在 Spring Security 中，只要获取到 Authentication 对象，就可以获取到登录用户的详细信息。
 *  不同的认证方式对应不同的 Authentication 实例
 *
 * @author Ben Alex
 */
public interface Authentication extends Principal, Serializable {
	// ~ Methods
	// ========================================================================================================

	/**
	 * 用来获取用户的权限
	 */
	Collection<? extends GrantedAuthority> getAuthorities();

	/**
	 * 用来获取用户凭证，一般来说就是密码
	 */
	Object getCredentials();

	/**
	 * 用来获取用户携带的详细信息，可能是当前请求之类等
	 */
	Object getDetails();

	/**
	 * 用来获取当前用户，例如是一个用户名或者一个用户对象
	 */
	Object getPrincipal();

	/**
	 * 当前用户是否认证成功
	 */
	boolean isAuthenticated();

	/**
	 * See {@link #isAuthenticated()} for a full description.
	 * <p>
	 * Implementations should <b>always</b> allow this method to be called with a
	 * <code>false</code> parameter, as this is used by various classes to specify the
	 * authentication token should not be trusted. If an implementation wishes to reject
	 * an invocation with a <code>true</code> parameter (which would indicate the
	 * authentication token is trusted - a potential security risk) the implementation
	 * should throw an {@link IllegalArgumentException}.
	 *
	 * @param isAuthenticated <code>true</code> if the token should be trusted (which may
	 * result in an exception) or <code>false</code> if the token should not be trusted
	 *
	 * @throws IllegalArgumentException if an attempt to make the authentication token
	 * trusted (by passing <code>true</code> as the argument) is rejected due to the
	 * implementation being immutable or implementing its own alternative approach to
	 * {@link #isAuthenticated()}
	 */
	void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
}
